LNbits

</a>

phase: stable PRs: welcome

LNbits Super User (SU)

Table of Contents

TLDR - **No Admin UI → No Super User.** The Super User (SU) exists only when `LNBITS_ADMIN_UI=true`. - **Why SU exists:** SU can do a few high impact actions regular admins cannot, like **changing the funding source**, **restarting the server from the UI**, and **crediting or debiting accounts**. - **Login changes since v1:** Logging in by **user ID** for SU and admins is **disabled**. On first visit after enabling the Admin UI you will be prompted to set a **username and password** for the SU. - **Trust model:** Admins and the SU share about **99 percent of the same powers**, but the SU is the one trusted with funding source control and cannot be demoted by regular admins.

What is the Super User?

The Super User is the owner-operator account of an LNbits instance. Think of it as your “break glass” operator with a few capabilities that are intentionally reserved for the person ultimately responsible for the server and the funding rails.

The SU is created alongside the Admin UI and is meant to keep enviroment operations pleasant in the UI while keeping the most sensitive knobs in trusted hands.

Key SU capabilities

  • Change the funding source for the instance
  • Restart the LNbits server from the web UI
  • Credit or debit accounts for operational corrections

Note These are separated from regular admin tasks on purpose. It helps maintain least privilege and reduces the chance of accidental or malicious changes.

Admin vs Super User

Capability Admin Super User
View Admin UI If enabled If enabled
Change funding source
Credit or debit accounts
Restart server from UI
Manage users and wallets
Instance-level settings
Manage notifications
Exchange rates
View all Payments

Why both roles? In many teams the person running the server prefers to delegate day-to-day admin work while keeping funding and final authority safe. Admins can do almost everything; the SU retains the last few high risk powers.

When is the Super User created?

  • The SU is created only when you enable the Admin UI: LNBITS_ADMIN_UI=true.
  • If the Admin UI is disabled, there is no SU and all SU-only UI is hidden.

Disabeling the Admin UI

[!IMPORTANT] Read the Admin UI guide before Disabeling. You are turning on a management surface; do it deliberately.

Set the environment variable in your deployment:

# .env
LNBITS_ADMIN_UI=false

Super User identity and storage

LNbits stores the Super User ID at:

/lnbits/data/.super_user
  • Back this up along with the rest of /lnbits/data as part of your secure backup routine.
  • Changing who is the SU can only be done by someone with CLI access to the host OS where LNbits runs. Regular admins cannot revoke or replace the SU in the Admin UI.

Security model since v1

  • User-ID logins are disabled for SU and admin roles.
  • Credentialed login is required: set a username and password for the SU at first run of the Admin UI.
  • SU secrecy: Regular users and admins cannot discover the SU user ID through normal UI flows.

Operational guidance

These are practical tips for running a safe and friendly instance.

  • It is normal to delegate admin duties to trusted people. Admins have about 99 percent of SU powers for day-to-day work.
  • Keep the SU reserved for the person legally or operationally responsible for the funding source.
  • Use admin roles for regular day-to-day management and keep the SU for reserved SU tasks only.

Additional guides

  • Admin UI — Manage server settings in the browser instead of editing .env or using the CLI for routine tasks.
  • User Roles — Overview of roles and what they can do.
  • Funding sources — Available options and how to enable and configure them.
  • Install LNBits — Choose your prefared way to install LNBits.

Powered by LNbits

LNbits empowers everyone with modular, open source tools for building Bitcoin-based systems — fast, free, and extendable.

If you like this project, send some tip love or visit our Shop

LNbits Shop Visit LNbits Shop Try myLNbits SaaS Read LNbits News Explore LNbits Extensions